US8966258B2 - Method for securely downloading from distributed download sources - Google Patents

Method for securely downloading from distributed download sources Download PDF

Info

Publication number
US8966258B2
US8966258B2 US13/521,874 US201013521874A US8966258B2 US 8966258 B2 US8966258 B2 US 8966258B2 US 201013521874 A US201013521874 A US 201013521874A US 8966258 B2 US8966258 B2 US 8966258B2
Authority
US
United States
Prior art keywords
secure
download
client
server
main server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US13/521,874
Other languages
English (en)
Other versions
US20120290842A1 (en
Inventor
Jerry John Artishdad
Christian Hett
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Artec Computer GmbH
Original Assignee
Artec Computer GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Artec Computer GmbH filed Critical Artec Computer GmbH
Assigned to ARTEC COMPUTER GMBH reassignment ARTEC COMPUTER GMBH ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ARTISHDAD, JERRY JOHN, HETT, CHRISTIAN
Publication of US20120290842A1 publication Critical patent/US20120290842A1/en
Application granted granted Critical
Publication of US8966258B2 publication Critical patent/US8966258B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • H04L67/1078Resource delivery mechanisms
    • H04L67/108Resource delivery mechanisms characterised by resources being split in blocks or fragments

Definitions

  • the present invention relates to a method of securely downloading from distributed download sources.
  • the greatest possible download security with a simultaneously minimized server load is needed for this.
  • the method of this invention comprises as shown in the drawing at least the following steps:
  • a computer network that is characterized in that it contains at least one client computer, a secure main server and at least one non-secure download server, wherein a secure network connection is established between the client computer and the secure main server; in particular, a HTTPS or SSL connection;
  • Preferred use of the method according to the invention is applicable for updates of the client by the one and/or several servers.
  • the update therein includes only software updates as well as firmware updates or updates for the operating software for devices.
  • Each client is, first of all, rendered exactly identifiable by generating a unique identifier for the contacted server. These unique identifiers are then deposited on a secure database server in a database.
  • generating the unique identifiers for each client includes at least the steps of
  • the unique ID can be, for example, the serial number of the device.
  • the MAC address can serve as a further unique identifying feature and can also be included in the identifier, if necessary.
  • the files are assembled for downloading and compressed in an archive file.
  • This process can be done automatically by scripts that use the information from the database, as well as by an administrator or human user otherwise authorized.
  • a hash value is then generated for the archive file, and the archive is signed using it.
  • the signed archive file can either be used further in one piece or, which is highly preferred, divided into several parts. The parts therein must not necessarily all have the same size; their dimensions can be completely arbitrary.
  • the one or more parts of the signed archive file are, in addition, symmetrically encrypted, and the used key is added to the information regarding the parts that are to be loaded in the transmitted data packet. This allows for further enhancing the security of the data. Due to the additional encryption, it is no longer possible to recognize the parts from which information regarding their content could have been extracted, nor can their content be analyzed.
  • non-secure download is servers for downloading.
  • Any additional symmetrical encryption accommodates the different security levels ranging from the main server to the less secure download servers. This ensures that the non-secure download servers re-encrypt the symmetrically encrypted packets in predefined time intervals such as, for example, once per day. Any such symmetrical re-encryption is advantageous because it does not take up much computing time.
  • the key for re-encryption is to be provided with a cryptographically secure current-status feature. This can be achieved, for example, by calculating the key for the re-encryption action by a hash algorithm based on a key that is commonly known to the main server and the download server, as well as the date of the day and, if necessary the current time of the day such as, for example, by an HMAC algorithm.
  • the current packet and the packet from the previous day are always obtained and any older packets can be deleted after the expiration of a set time interval such as, for example, after one day to save storage space on the download servers.
  • the main server is able to calculate and give to the client, independently of the download servers, the above-referenced information regarding each part for the large data packet.
  • a secure main server handles the coordinating of the downloads.
  • the client contacts the main server for the purpose of requesting the downloads via a secure connection that is, in particular, a HTTPS or SSL connection.
  • the client therein identifies itself relative to the main server by its unique identifier.
  • To authenticate the client by querying the database, the main server checks if the transmitted identifier belongs to the authorized client.
  • the client In response to its download request, the client is receives from the main server a data packet that is generated by linking the total length of the signed archive file to the hash value of the signed archive file and information regarding the totality of the parts to be loaded. Contained in this information is for each part at least the offset of the part in the signed archive file, its length, its hash value and a download URL.
  • the main server specifically selects the download URL for each client. Before transmitting a data packet from the secure main server via the secure connection to the client, the data packet is encrypted and/or signed.
  • the information as to the last part must be correct if the hash values for the remaining parts as well as for the total file are correct. In principle, it would suffice in this instance as well, if only the hash value of the total file is transmitted; because if it is correct, it would thus also indicate that all parts must also have been transmitted correctly and without having been tampered with.
  • the hash values of the parts are known because, in the event of a faulty transmission of a part, it can be immediately downloaded again without having to wait for the completion of the total download.
  • the client then decrypts, if necessary, the received data packet and analyzes the information regarding the partial downloads. Subsequently, it establishes one or more non-secure connections to the transmitted URLs on the one or more download servers in order to download parts. Once the parts are complete, they are checked by their respective transmitted hash values in order to ensure an error-free transmission. The checked parts are then assembled into the archive file, and the archive file in turn is checked by its hash value.
  • One embodiment of the method according to the invention provides that the content of the archive file is identical for all clients.
  • all clients receive a uniform and complete record, and the functions that are available for the user are determined by the licensing information and the like. If the user acquires a license for further functions between two updates, it must only be approved by transmitted licensing information. It is not necessary, however, to download any program files after the fact. This way, the management task of the update packets on the part of the provider is also simplified.
  • the files for the download archive are assembled individually for each client.
  • the assembly preferably is done by the secure main server.
  • the main server itself does not handle this task but instead passes it on to one or more computers that are connected within the local network.
  • the secure main server is not an individual computer but a multiple-computer network or cluster. Any such configuration of the main server as comprising multiple networked individual computers is deemed within the scope of the present application.
  • the individual assembly of the files for the download archive is based on one or multiple features that are deposited in addition to the unique identifiers in the database. This way, it is possible to minimize downloading for each client, for example, by only transmitting files for licensed functions. It is, moreover, possible to take region-specific files into consideration such as, for example, character sets and voice files. Moreover, the provider has the option of providing one group or individual clients (for example, beta testers) specifically with one version of the software or, vice versa, to exclude them from it (for example, known incompatibilities, legal restrictions).
  • a preferred embodiment of the invention envisions that the data that are made available on the download servers do not correspond, in terms of their sizes, to the parts that are to be loaded and that information as to a corresponding download offset is added to the parts that are to the loaded in the transmitted data packet.
  • Two advantages can be realized using this technique.
  • a further security benefit is achieved in that the parts that are to be loaded are not stored as such on the download servers; instead, supplemented by random data before and/or after, they are stored as a file therein. Since the client knows, based on its received data packet, the exact length of the part as well as of the download offset, it is able to download only the part, while any attacker does not know what is junk data and what is a necessary data piece.
  • the download servers are also able to hold a completely prepared archive file instead of a multitude of part files at the ready.
  • the main server is then able to define completely flexibly the parts that are to be loaded without new part data having to be transmitted by it to the download servers. All that is necessary is the calculation of the matching hash values that are then transmitted together with the new offsets and part lengths to the clients.
  • a GZIP- or LZMA-compressed tar archive is greatly preferred for use in connection with the archive file.
  • Combining a tarball with the GZIP- or LZMA-compression algorithm it is possible to achieve very good compression rates; plus, the generated archive files have the advantage that the data can only be reconstructed when the archive file is complete.
  • connection between the clients and the servers is achieved by a WAN, in particular the internet.
  • the method is, naturally, also suited for an LAN such as, for example, a company network in which the computers of a large company are supplied with software updates via a central server.
  • the secure main server makes the selection of the one or more non-secure servers for the downloading action of the requesting client based on the shortest possible distance or the geographic region that is determined by the IP addresses, and/or that is deposited in the database for each client, and/or when achieving preset transmission volumes.
  • the main server can ensure a downloading action for the client that is a quick as possible and will, aside from balancing the loads of the download servers, take into consideration any free traffic on leased servers. If the free volume of the is running month has been reached on one server, the main server is able to simply exclude it for the remainder of the month from the URL transmission to the clients, thus keeping operating costs low.
  • the secure main server can function as a database server and/or download server at the same time. Any such task combination is interesting, first and foremost, in cases when the main server does not appear as an individual computer but, as described above, as a computer cluster. The possibility that the main server can also act as a download server is also useful with regard to securing availability.
  • the archive file can be extended before the hashing and signature by a manifest that contains information regarding the files that are contained in the archive file such as, in particular, version and compatibility information, and a version number and/or a description of the archive are also incorporated into the transmitted data packet.
  • a manifest that contains information regarding the files that are contained in the archive file such as, in particular, version and compatibility information, and a version number and/or a description of the archive are also incorporated into the transmitted data packet.
  • One preferred method of preventing such undesired conditions consists in detecting such problematic conditions by return messages from the download servers to the main server. Subsequently, the download server/client links are then sorted in the context of an availability table, and the problems are recorded individually. Any automated management strategy can consist in excluding problem-afflicted connections during further attempts or by skipping generally unavailable download servers altogether for all clients. Using expedient, known evaluation tools, administrators are able to use the availability table for error resolution tasks.
  • Certain error states of the download server may possibly only be reliably recognized from the client side; for example, let us imagine an instance in which, due to a defective configuration, the firewall of the download server allows administrative connections between the main server and download server via VPN, but no downloads from external clients.
  • the main server can thus also learn whether individual clients have individual problems; for example, due to a firewall, local routing issues or wrongly configured MTUs in the router. Moreover, the main server is able to maintain statistics if the client not only reports the success or failure of the update and/or of the download of each part or daily information and the like, but if the client also transmits speed and duration. On the basis of this information, the main server is able to detect and ascertain, for example, which non-secure download server is best suited for which client, which provider network or which region.
US13/521,874 2010-01-27 2010-11-25 Method for securely downloading from distributed download sources Active 2031-06-20 US8966258B2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
DE102010006008A DE102010006008B4 (de) 2010-01-27 2010-01-27 Verfahren zum gesicherten Download von verteilten Downloadsourcen
DE102010006008.9 2010-01-27
DE102010006008 2010-01-27
PCT/EP2010/068252 WO2011091887A1 (de) 2010-01-27 2010-11-25 Verfahren zum gesicherten download von verteilten downloadsourcen

Publications (2)

Publication Number Publication Date
US20120290842A1 US20120290842A1 (en) 2012-11-15
US8966258B2 true US8966258B2 (en) 2015-02-24

Family

ID=43742416

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/521,874 Active 2031-06-20 US8966258B2 (en) 2010-01-27 2010-11-25 Method for securely downloading from distributed download sources

Country Status (5)

Country Link
US (1) US8966258B2 (de)
EP (1) EP2529529B1 (de)
KR (1) KR101453379B1 (de)
DE (1) DE102010006008B4 (de)
WO (1) WO2011091887A1 (de)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9892202B2 (en) * 2012-01-25 2018-02-13 Microsoft Technology Licensing, Llc Web page load time reduction by optimized authentication
US9577986B1 (en) * 2012-07-27 2017-02-21 Daniel A Dooley Secure data verification technique
US9286644B2 (en) * 2013-01-12 2016-03-15 Pro Softnet Corporation Method for sharing multiple data items using a single URL
US10250579B2 (en) * 2013-08-13 2019-04-02 Alcatel Lucent Secure file transfers within network-based storage
GB2532039B (en) 2014-11-06 2016-09-21 Ibm Secure database backup and recovery
KR101595897B1 (ko) * 2014-12-09 2016-02-19 숭실대학교산학협력단 디지털 도어록 및 그 제어방법, 이를 수행하기 위한 기록매체
US9948625B2 (en) 2015-01-07 2018-04-17 Cyph, Inc. Encrypted group communication method
US10103891B2 (en) 2015-01-07 2018-10-16 Cyph, Inc. Method of generating a deniable encrypted communications via password entry
CN104753925A (zh) * 2015-03-11 2015-07-01 华中科技大学 一种对文件进行加解密的网关系统和方法
KR101712726B1 (ko) * 2015-04-27 2017-03-14 갤럭시아커뮤니케이션즈 주식회사 해시 코드를 이용하는 콘텐츠의 무결성 및 유효성 검증 방법 및 시스템
KR101703880B1 (ko) * 2015-10-01 2017-02-07 국민대학교산학협력단 시큐어로깅을 위한 포워드시큐어 압축 서명 장치 및 방법
EP3360033B1 (de) * 2015-10-07 2023-03-15 Nec Corporation Verfahren zum speichern einer datendatei
US10528624B2 (en) * 2015-12-07 2020-01-07 Sap Se Optimal hash calculation of archive files and their file entries
GB2562079B (en) * 2017-05-04 2021-02-10 Arm Ip Ltd Continuous hash verification
US11088846B2 (en) * 2019-03-28 2021-08-10 Intel Corporation Key rotating trees with split counters for efficient hardware replay protection
US11240039B2 (en) * 2019-06-28 2022-02-01 Intel Corporation Message index aware multi-hash accelerator for post quantum cryptography secure hash-based signing and verification

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6772337B1 (en) * 1999-11-09 2004-08-03 Lucent Technologies Inc. Light weight security for parallel access to multiple mirror sites
US20040172476A1 (en) * 2003-02-28 2004-09-02 Chapweske Justin F. Parallel data transfer over multiple channels with data order prioritization
US20050076210A1 (en) * 2003-10-03 2005-04-07 Thomas David Andrew Method and system for content downloads via an insecure communications channel to devices
US7263497B1 (en) * 1998-02-06 2007-08-28 Microsoft Corporation Secure online music distribution system
US7299500B1 (en) * 2003-07-17 2007-11-20 Copyright Clearance Center, Inc. Method and apparatus for secure delivery and rights management of digital content at an unsecure site

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7546427B2 (en) * 2005-09-30 2009-06-09 Cleversafe, Inc. System for rebuilding dispersed data

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7263497B1 (en) * 1998-02-06 2007-08-28 Microsoft Corporation Secure online music distribution system
US6772337B1 (en) * 1999-11-09 2004-08-03 Lucent Technologies Inc. Light weight security for parallel access to multiple mirror sites
US20040172476A1 (en) * 2003-02-28 2004-09-02 Chapweske Justin F. Parallel data transfer over multiple channels with data order prioritization
US7299500B1 (en) * 2003-07-17 2007-11-20 Copyright Clearance Center, Inc. Method and apparatus for secure delivery and rights management of digital content at an unsecure site
US20050076210A1 (en) * 2003-10-03 2005-04-07 Thomas David Andrew Method and system for content downloads via an insecure communications channel to devices

Also Published As

Publication number Publication date
EP2529529B1 (de) 2018-03-14
KR20120123483A (ko) 2012-11-08
WO2011091887A1 (de) 2011-08-04
DE102010006008B4 (de) 2012-10-31
EP2529529A1 (de) 2012-12-05
KR101453379B1 (ko) 2014-10-22
US20120290842A1 (en) 2012-11-15
DE102010006008A1 (de) 2011-07-28

Similar Documents

Publication Publication Date Title
US8966258B2 (en) Method for securely downloading from distributed download sources
US11483143B2 (en) Enhanced monitoring and protection of enterprise data
US20230362133A1 (en) Systems and Methods for Uploading Streamed Objects to a Cloud Storage System
US10425282B2 (en) Verifying a network configuration
US8266286B2 (en) Dynamic key management server discovery
US9166893B2 (en) Methods, apparatus and systems for monitoring locations of data within a network service
Trenwith et al. Digital forensic readiness in the cloud
US8705348B2 (en) Use of metadata for time based anti-replay
US10021101B2 (en) Embedding security posture in network traffic
US9876773B1 (en) Packet authentication and encryption in virtual networks
US9942050B2 (en) Method and apparatus for bulk authentication and load balancing of networked devices
US11757717B2 (en) Verifying network elements
JP2014127721A (ja) 暗号鍵管理プログラム、データ管理システム
US10586065B2 (en) Method for secure data management in a computer network
US20230037520A1 (en) Blockchain schema for secure data transmission
CN113162943A (zh) 一种防火墙策略动态管理的方法、装置、设备和存储介质
CN116545706B (zh) 一种数据安全传输控制系统、方法、装置及电子设备
US11936633B2 (en) Centralized management of private networks
CN109587134B (zh) 接口总线的安全认证的方法、装置、设备和介质
US20160112488A1 (en) Providing Information of Data Streams
CN113992734A (zh) 会话连接方法及装置、设备
KR101458929B1 (ko) 3자 인증을 이용한 로그 정보 인증 시스템의 osp 서버에 포함된 로그 블랙박스 장치 및 그 운영방법
JP2004297749A (ja) Vpn装置

Legal Events

Date Code Title Description
AS Assignment

Owner name: ARTEC COMPUTER GMBH, GERMANY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ARTISHDAD, JERRY JOHN;HETT, CHRISTIAN;REEL/FRAME:028644/0075

Effective date: 20120725

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

FEPP Fee payment procedure

Free format text: SURCHARGE FOR LATE PAYMENT, SMALL ENTITY (ORIGINAL EVENT CODE: M2554); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2552); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 8